CVE-2024-21684

LOW Year: 2024
CVSS v3 Score
3.1
Low
Weakness Type
CWE-601
View all →

Vulnerability Description

There is a low severity open redirect vulnerability within affected versions of Bitbucket Data Center. Versions of Bitbucket DC from 8.0.0 to 8.9.12 and 8.19.0 to 8.19.1 are affected by this vulnerability. It is patched in 8.9.13 and 8.19.2. This open redirect vulnerability, with a CVSS Score of 3.1 and a CVSS Vector of CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N, allows an unauthenticated attacker to redirect a victim user upon login to Bitbucket Data Center to any arbitrary site which can be utilized for further exploitation which has low impact to confidentiality, no impact to integrity, no impact to availability, and requires user interaction. Atlassian recommends that Bitbucket Data Center customers upgrade to the version. If you are unable to do so, upgrade your instance to one of the supported fixed versions.

Related Vulnerabilities

CVE-2019-14882

LOW
CVSS:3.1(Low)

A vulnerability was found in Moodle 3.7 to 3.7.3, 3.6 to 3.6.7, 3.5 to 3.5.9 and earlier where an open redirect existed in the Lesson edit page.

CWE-6012019

CVE-2022-44717

LOW
CVSS:3.1(Low)

An issue was discovered in NetScout nGeniusONE 6.3.2 build 904. Open Redirection can occur (issue 1 of 2). After successful login, an attacker must visit the vulnerable parameter and inject a crafted ...

CWE-6012022

CVE-2024-28344

LOW
CVSS:3.1(Low)

An Open Redirect vulnerability was found in Sipwise C5 NGCP Dashboard below mr11.5.1. The Open Redirect vulnerability allows attackers to control the "back" parameter in the URL through a double encod...

CWE-6012024

CVE-2024-50345

LOW
CVSS:3.1(Low)

symfony/http-foundation is a module for the Symphony PHP framework which defines an object-oriented layer for the HTTP specification. The `Request` class, does not parse URI with special characters th...

CWE-6012024

CVE-2023-3515

LOW
CVSS:3.0(Low)

Open Redirect in GitHub repository go-gitea/gitea prior to 1.19.4.

CWE-6012023